CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55620 https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe https://service.sap.com/sap/support/notes/1890819 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos arbitrarios y directorios a través de un documento XML que contiene una declaración de entidad externa en combinación con un referencia de la entidad, en relación con una cuestión entidad externa XML (XXE). • http://en.securitylab.ru/lab/PT-2013-13 http://osvdb.org/98892 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55302 http://www.securityfocus.com/bid/63302 https://service.sap.com/sap/support/notes/1820894 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2011-5260
https://notcve.org/view.php?id=CVE-2011-5260
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de comandos en sitio remoto (XSS) en SAP/BW/DOC/METADATA de SAP NetWeaver permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de página. • http://dsecrg.com/pages/vul/show.php?id=337 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520555/100/0/threaded https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2011-5263
https://notcve.org/view.php?id=CVE-2011-5263
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RetrieveMailExamples en SAP NetWeaver v7.30 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "server". • http://dsecrg.com/pages/vul/show.php?id=330 http://secunia.com/advisories/45708 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520551/100/0/threaded http://www.securityfocus.com/bid/49266/info https://exchange.xforce.ibmcloud.com/vulnerabilities/69331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2904
https://notcve.org/view.php?id=CVE-2010-2904
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente System Landscape Directory (SLD) v6.4 hasta v7.02 en SAP NetWeaver, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) action sobre testsdic y (2) helpstring sobre paramhelp.jsp. • http://dsecrg.com/pages/vul/show.php?id=168 http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt http://secunia.com/advisories/40712 http://www.osvdb.org/66639 http://www.osvdb.org/66640 http://www.vupen.com/english/advisories/2010/1935 https://exchange.xforce.ibmcloud.com/vulnerabilities/60668 https://service.sap.com/sap/support/notes/1416047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •